espressif/esp-nimble
1
0
Fork 0
mirror of https://github.com/espressif/esp-nimble.git synced 2026-06-05 21:04:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

host: sm: secure connection only pairing might fail with no reason

Browse Source 
When BLE_SM_SC_ONLY is on during pairing request, the process might fail even though both SC is supported by the peer and the key size meet the requirements.
This commit is contained in:
Rahul Tank
2025-01-22 13:16:02 +02:00
parent fc098022e7
commit d69d8789f9
1 changed files with 11 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nimble/host/src/ble_sm.c
+11 -11
View File
@@ -1931,18 +1931,18 @@ ble_sm_pair_req_rx(uint16_t conn_handle, struct os_mbuf **om,
} else if (req->max_enc_key_size > BLE_SM_PAIR_KEY_SZ_MAX) {
res->sm_err = BLE_SM_ERR_INVAL;
res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_INVAL);
} else if (ble_hs_cfg.sm_sc_only) {
/* Fail if Secure Connections Only mode is on and remote does not
* meet key size requirements - MITM was checked in last step.
* Fail if SC is not supported by peer or key size is too small
} else if (ble_hs_cfg.sm_sc_only && !(req->authreq & BLE_SM_PAIR_AUTHREQ_SC)) {
/* Fail if Secure Connections Only mode is on and SC is not supported by peer
*/
if (!(req->authreq & BLE_SM_PAIR_AUTHREQ_SC)) {
res->sm_err = BLE_SM_ERR_AUTHREQ;
res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_AUTHREQ);
} else if (req->max_enc_key_size != BLE_SM_PAIR_KEY_SZ_MAX) {
res->sm_err = BLE_SM_ERR_ENC_KEY_SZ;
res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_ENC_KEY_SZ);
}
res->sm_err = BLE_SM_ERR_AUTHREQ;
res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_AUTHREQ);
res->enc_cb = 1;
} else if (ble_hs_cfg.sm_sc_only && (req->max_enc_key_size != BLE_SM_PAIR_KEY_SZ_MAX)) {
/* Fail if Secure Connections Only mode is on and key size is too small
*/
res->sm_err = BLE_SM_ERR_ENC_KEY_SZ;
res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_ENC_KEY_SZ);
res->enc_cb = 1;
} else if (!ble_sm_verify_auth_requirements(req->authreq)) {
res->sm_err = BLE_SM_ERR_AUTHREQ;
res->app_status = BLE_HS_SM_US_ERR(BLE_SM_ERR_AUTHREQ);